I need to write a new authentication method for Spring Security for a rare authentication protocol. I can write an AuthenticationProvider that will support the new system, but I need to have the appropriate information passed in on the Authentication object. What object do I need to implement to handle the instantiation of the custom Authentication object?
Asked
Active
Viewed 835 times
0
C. Ross
- 31,137
- 42
- 147
- 238
2 Answers
2
Generally it will be a filter (specifically a subclass of AbstractAuthenticationProcessingFilter).
Check out the code for the attemptAuthentication() method of the UsernamePasswordAuthenticationFilter, the filter that handles the usual username/password authentication use case.
sourcedelica
- 23,940
- 7
- 66
- 74
-1
I would recommend extending AbstractAuthenticationToken to create token that you can pass to provider. You will also need to override supports method of your AuthenticationProvider to accept this token.
Ritesh
- 7,472
- 2
- 39
- 43
-
care to add comment as to why you did down vote? The OP's question is about the creating the authentication object that can be passed to AuthenticationProvider and that object will be nothing else but a subclass of AbstractAuthenticationToken. The filter comes in picture when you want to pass that token to provider. Also see my answer to question at http://stackoverflow.com/questions/4783063/configuring-spring-security-3-x-to-have-multiple-entry-points to implement your your token and provider. – Ritesh Aug 15 '11 at 15:51
-
I downvoted it, but I suppose I should clarify the question. I was really asking what object was instantiating the `Authentication` object. If you edit I'll undo my downvote. – C. Ross Aug 15 '11 at 16:10
-
ok, now I got it. I guess @ericacm's answer is correct. We can instantiate the authentication token whenever we have to call authentication manager to invoke authentication providers. Typically it is in attemptAuthentication method of form login filter. – Ritesh Aug 15 '11 at 16:54